Password-Based Simsec Protocol

Total Page:16

File Type:pdf, Size:1020Kb

Password-Based Simsec Protocol DUJE (Dicle University Journal of Engineering) 11:3 (2020) Page 1021-1030 Research Article Password-Based SIMSec Protocol 1,* 2 Sedat AKLEYLEK , Engin KARACAN 1 Ondokuz Mayıs University, Department of Computer Engineering Engineering, Engineering Faculty, Samsun, Turkey [email protected] https://orcid.org/0000-0002-2306-6008 2 Ondokuz Mayıs University, Computational Sciences Program, Graduate School of Sciences, Samsun, Turkey [email protected] https://orcid.org/0000-0002-2306-6008 ARTICLE INFO ABSTRACT Article history: Received 17 June 2020 The purpose of the SIMSec protocol is to provide the infrastructure to enable secured access between the Received in revised form 25 August 2020 SIM (Subscriber Identity Module) card which doesn’t have an ephemeral key installed during production Accepted 30 August 2020 and the service provider. This infrastructure has a form based on agreements among the mobile network Available online 30 September 2020 manufacturer, the user, the service provider and the card manufacturer. In order to secure transactions, authentication methods are used based on the fact that both parties can verify that they are the parties Keywords : they claim to be. In this study, the key exchange and authentication models in the literature have been surveyed and the password-based authentication model is chosen. For the SIMSec protocol, the Authentication, Key, Exchange, password-based authentication algorithm is integrated into the SIMSec protocol. Thanks to the proposed SIMSec new structure, phase differences in the SIMSec protocol are shown. As a result, a new key exchange protocol is proposed for SIM cards. Doi: 10.24012/dumf.753942 * Corresponding author Sedat, Akleylek [email protected] Please cite this article in press as S. Akleylek, E. Karacan, “Password-Based SIMSec Protocol”, DUJE, vol. 11, no.3, pp. 1021-1030, September 2020. 1 DUJE (Dicle University Journal of Engineering) 11:3 (2020) Page 1021-1030 Introduction been produced and the secret key has not been When the development process of loaded. communication technology is examined, it is Various different models have been investigated seen that mobile phones cover a great place. It to provide for secure communication of SIM has been observed that mobile phone usage areas technology. In some of these models, secret keys have increased in proportion to time so far. At were assigned during production process [3-8]. the beginning mobile phones were served to However in [3], while secret keys weren’t users for voice calls and short message services. assigned during production process, it was With the advances in communication proposed that keys that they developed assign technology, it has helped secure transactions exchange protocol stack to SIM technology for such as mobile banking, mobile signature and providing secure communication. mobile payment through the developing system. This study will be categorized into four sections. Thanks to these developments, cash out In the first section, the literature review and the transactions, online shopping, credit card usage, content of the study are described. Section 2 online payments, e-commerce and the like can based on the latest years usage of smartphones be secured safely via SIM on today's devices and smart devices that work with SIM, the [1,2,3]. The secure provision of these services infrastructures and the mathematical structures depends on the security of communications of the key exchange and authentication models between the service providers and the SIM. SIM in the literature are examined for the security of technology has been developing every year. SIM SIM technology. It is mentioned the differences memory sizes update itself with advancing between analyzed models. In Section 3 to ensure technology. These SIMs are installed by card SIM security password-based SIMSEC protocol manufacturers with ephemeral key protocols to is proposed and the infrastructure of the method ensure secured access between service providers is shown mathematically. In the last section, the and the SIM. In this study, transaction and results obtained in the study and the studies that memory costs are taken into consideration with a are aimed to be done in the future are given and similar mentality in SIMSec protocol. a hybrid model is presented using the password- Key exchange can be defined as a protocol for based key exchange model and SIMSec protocol two mutual parties to negotiate a secret key. The together. It is stated that reliable models will be authentication method can be defined again as a studied on providing the infrastructure enabling protocol that are established by verifying that the secured access between SIM cards that are not two parties are the parties they are claiming loaded with an ephemeral key during the each other to be. Key exchange and production and service provider. authentication methods for the secured access of Key Exchange and Authentication Models the parties take an important place in the literature. This section summarizes the working principles and mathematical backgrounds of password- Related Works: based password-protected models from key Today, SIM Cards (64kb 128kb 356kb 512kb) exchange and authentication models in a study with different capacities are produced by card [9,10]. The notations and parameters used in all manufacturers. Secret keys are loaded on these models discussed throughout the study are given cards during production in order to provide end- in Table 1. to-end secure communication over the produced cards. With the developing technology, communication security can be attacked. The attacker can cause problems by attacking this communication channel, such as changing data, listening and breaking data [1,2]. End-to-end communication has been made safer with the suggestion presented in this paper. A new key exchange protocol is proposed to the SIM cards with the presented method, where the card has 1022 DUJE (Dicle University Journal of Engineering) 11:3 (2020) Page 1021-1030 Table 1. Notations Password–based protocol (PAK) Parameters Definitions The biggest problem in the password-based π Password of client protocol (PAK) model is to estimate the π value of the client [12,13]. If the attacker knows the p Large prime number of at least 1024 bits value π and has an idea of how the algorithm q g / p-1 prime number will work, the attacker can find all tA, tB values. G Zp subgroup An attacker could damage the communication g Generator of group G information between the parties. Therefore, rA, rB Figures randomly selected in the session Bellare has customized the key generation Zp Set of integers with elements 0 to p-1 function to make it difficult to find the session rA rB tA, tB tA= g tB= g key. However, the symmetric encryption xA, xB Client and server’s private long passwords algorithm used in the protocol must provide ZAB Shared information (secret) randomness characteristics. Boyko obtained the KAB Derived session key “P” value by using relatively prime values [14] Hİ (.) Unicast sum functions. H1 H2 H3… between r and q in the protocol set called PAK. With the help of these values, the switch in Diffie-Hellman encrypted key exchange group G was produced. The proposed key (EKE) exchange protocol is given in Figure 2 [15]. Encrypted key exchange In the Diffie-Hellman- Since the PAK protocol uses the summary EKE model is that a shared key is encrypted function and the “r” value in calculating P, the with a public key by using the password and is cost is higher than Diffie-Hellman. Another sent from client to server so that the client and difference between the two protocols is the server can communicate securely [11]. Only the customization of the key generation function. party who knows the password can complete the So, the authentication mechanism was added. protocol. The flow of this protocol is given in Figure 1 [11,12]. rA rB ZAB= (g ) rB rA ZAB= (g ) rB rA rA rB ZAB= (g ) ZAB= (g ) Fig. 1. Diffie-Hellman-EKE This protocol was developed against “partition” attacks. According to this idea, the attacker who guesses the password can check whether the values tA and tB are valid. This set of protocols is based on the difficulty of finding the parameters selected by the attacker [12]. Fig. 2. Password–based Protocol (PAK) 1023 DUJE (Dicle University Journal of Engineering) 11:3 (2020) Page 1021-1030 Password protected key exchange (PPK) r.r-1 ≡ 1 mod q P P 푚 푚 1 푚 푚 푡 = = = ℎ−q ሺ푚표푑 푞ሻ = 퐴 ℎq . 푃 푃 ℎq 푃 푃 rB rA rA rB rB rA rA rB ZAB= (g ) ZAB= (g ) ZAB= (g ) ZAB= (g ) Fig. 3. Password protected key exchange protocol (PPK) Fig. 4. Password–based protocol-R protocol (PAK-R) In the password protected key exchange (PPK) model, it is harder for an attacker to obtain the Password–based protocol-Y (PAK-Y) “π” value. The client calculates P1 and P2 using The PAK-Y model, called the Y-password-based the values “π” and “r”[14]. This brings an extra key exchange protocol, refers to the PAK model calculation cost for the client. The PPK model is as the PAK-R model [18]. The problem in this shown in Figure 3 [14, 16]. model as well is that the attacker finds the π Password–based protocol-R (PAK-R) value that the client has. As with the PAK model, an attacker can find all tA, tB values if he The R-password-based protocol (PAK-R) refers has any idea about the π parameter and the to the PAK model [16,17]. The main difference algorithm. In order to avoid this situation, it is with PAK is that the calculation costs of the made difficult to find π value in PAK-Y model.
Recommended publications
  • Bilinear Map Cryptography from Progressively Weaker Assumptions
    Full version of an extended abstract published in Proceedings of CT-RSA 2013, Springer-Verlag, Feb. 2013. Available from the IACR Cryptology ePrint Archive as Report 2012/687. The k-BDH Assumption Family: Bilinear Map Cryptography from Progressively Weaker Assumptions Karyn Benson, Hovav Shacham ∗ Brent Watersy University of California, San Diego University of Texas at Austin fkbenson, [email protected] [email protected] February 4, 2013 Abstract Over the past decade bilinear maps have been used to build a large variety of cryptosystems. In addition to new functionality, we have concurrently seen the emergence of many strong assump- tions. In this work, we explore how to build bilinear map cryptosystems under progressively weaker assumptions. We propose k-BDH, a new family of progressively weaker assumptions that generalizes the de- cisional bilinear Diffie-Hellman (DBDH) assumption. We give evidence in the generic group model that each assumption in our family is strictly weaker than the assumptions before it. DBDH has been used for proving many schemes secure, notably identity-based and functional encryption schemes; we expect that our k-BDH will lead to generalizations of many such schemes. To illustrate the usefulness of our k-BDH family, we construct a family of selectively secure Identity-Based Encryption (IBE) systems based on it. Our system can be viewed as a generalization of the Boneh-Boyen IBE, however, the construction and proof require new ideas to fit the family. We then extend our methods to produces hierarchical IBEs and CCA security; and give a fully secure variant. In addition, we discuss the opportunities and challenges of building new systems under our weaker assumption family.
    [Show full text]
  • Circuit-Extension Handshakes for Tor Achieving Forward Secrecy in a Quantum World
    Proceedings on Privacy Enhancing Technologies ; 2016 (4):219–236 John M. Schanck*, William Whyte, and Zhenfei Zhang Circuit-extension handshakes for Tor achieving forward secrecy in a quantum world Abstract: We propose a circuit extension handshake for 2. Anonymity: Some one-way authenticated key ex- Tor that is forward secure against adversaries who gain change protocols, such as ntor [13], guarantee that quantum computing capabilities after session negotia- the unauthenticated peer does not reveal their iden- tion. In doing so, we refine the notion of an authen- tity just by participating in the protocol. Such pro- ticated and confidential channel establishment (ACCE) tocols are deemed one-way anonymous. protocol and define pre-quantum, transitional, and post- 3. Forward Secrecy: A protocol provides forward quantum ACCE security. These new definitions reflect secrecy if the compromise of a party’s long-term the types of adversaries that a protocol might be de- key material does not affect the secrecy of session signed to resist. We prove that, with some small mod- keys negotiated prior to the compromise. Forward ifications, the currently deployed Tor circuit extension secrecy is typically achieved by mixing long-term handshake, ntor, provides pre-quantum ACCE security. key material with ephemeral keys that are discarded We then prove that our new protocol, when instantiated as soon as the session has been established. with a post-quantum key encapsulation mechanism, Forward secret protocols are a particularly effective tool achieves the stronger notion of transitional ACCE se- for resisting mass surveillance as they resist a broad curity. Finally, we instantiate our protocol with NTRU- class of harvest-then-decrypt attacks.
    [Show full text]
  • The Twin Diffie-Hellman Problem and Applications
    The Twin Diffie-Hellman Problem and Applications David Cash1 Eike Kiltz2 Victor Shoup3 February 10, 2009 Abstract We propose a new computational problem called the twin Diffie-Hellman problem. This problem is closely related to the usual (computational) Diffie-Hellman problem and can be used in many of the same cryptographic constructions that are based on the Diffie-Hellman problem. Moreover, the twin Diffie-Hellman problem is at least as hard as the ordinary Diffie-Hellman problem. However, we are able to show that the twin Diffie-Hellman problem remains hard, even in the presence of a decision oracle that recognizes solutions to the problem — this is a feature not enjoyed by the Diffie-Hellman problem in general. Specifically, we show how to build a certain “trapdoor test” that allows us to effectively answer decision oracle queries for the twin Diffie-Hellman problem without knowing any of the corresponding discrete logarithms. Our new techniques have many applications. As one such application, we present a new variant of ElGamal encryption with very short ciphertexts, and with a very simple and tight security proof, in the random oracle model, under the assumption that the ordinary Diffie-Hellman problem is hard. We present several other applications as well, including: a new variant of Diffie and Hellman’s non-interactive key exchange protocol; a new variant of Cramer-Shoup encryption, with a very simple proof in the standard model; a new variant of Boneh-Franklin identity-based encryption, with very short ciphertexts; a more robust version of a password-authenticated key exchange protocol of Abdalla and Pointcheval.
    [Show full text]
  • Implementation and Performance Evaluation of XTR Over Wireless Network
    Implementation and Performance Evaluation of XTR over Wireless Network By Basem Shihada [email protected] Dept. of Computer Science 200 University Avenue West Waterloo, Ontario, Canada (519) 888-4567 ext. 6238 CS 887 Final Project 19th of April 2002 Implementation and Performance Evaluation of XTR over Wireless Network 1. Abstract Wireless systems require reliable data transmission, large bandwidth and maximum data security. Most current implementations of wireless security algorithms perform lots of operations on the wireless device. This result in a large number of computation overhead, thus reducing the device performance. Furthermore, many current implementations do not provide a fast level of security measures such as client authentication, authorization, data validation and data encryption. XTR is an abbreviation of Efficient and Compact Subgroup Trace Representation (ECSTR). Developed by Arjen Lenstra & Eric Verheul and considered a new public key cryptographic security system that merges high level of security GF(p6) with less number of computation GF(p2). The claim here is that XTR has less communication requirements, and significant computation advantages, which indicate that XTR is suitable for the small computing devices such as, wireless devices, wireless internet, and general wireless applications. The hoping result is a more flexible and powerful secure wireless network that can be easily used for application deployment. This project presents an implementation and performance evaluation to XTR public key cryptographic system over wireless network. The goal of this project is to develop an efficient and portable secure wireless network, which perform a variety of wireless applications in a secure manner. The project literately surveys XTR mathematical and theoretical background as well as system implementation and deployment over wireless network.
    [Show full text]
  • 2.4 the Random Oracle Model
    國 立 交 通 大 學 資訊工程學系 博 士 論 文 可證明安全的公開金鑰密碼系統與通行碼驗證金鑰 交換 Provably Secure Public Key Cryptosystems and Password Authenticated Key Exchange Protocols 研 究 生:張庭毅 指導教授:楊維邦 教授 黃明祥 教授 中 華 民 國 九 十 五 年 十 二 月 可證明安全的公開金鑰密碼系統與通行碼驗證金鑰交換 Provably Secure Public Key Cryptosystems and Password Authenticated Key Exchange Protocols 研 究 生:張庭毅 Student:Ting-Yi Chang 指導教授:楊維邦 博士 Advisor:Dr. Wei-Pang Yang 黃明祥 博士 Dr. Min-Shiang Hwang 國 立 交 通 大 學 資 訊 工 程 學 系 博 士 論 文 A Dissertation Submitted to Department of Computer Science College of Computer Science National Chiao Tung University in partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Computer Science December 2006 Hsinchu, Taiwan, Republic of China 中華民國九十五年十二月 ¡¢£¤¥¦§¨© ª« ¬ Æ ¯ « ¡¨ © ¡¢£¤¥ ¦§¨©¢ª«¬ Æ ¯ Æ ­Æ Æ ¡ ElGamal ¦§ °±¥ ²³´ ·§±¥¸¹º»¼½¶­¾¿§­¾¿¸¹³ °µ¶ p ­° p§­¾¿ ElGamal Hwang §°À¡Á²±¥·§ÂÃÄŨ© ElGamal-like È ÆǧȤÉÀÊËÌ¡ÍÎϧElGamal-like IND-CPA ¡¦ÃÅ Á²±¥·ÁÃÄŧ¨©­§Æ ° ½¡ÐÑÒµ§ IND-CPA ElGamal IND- ±È¤±¥ÓÔÕ§ CCA2§ ElGamal-extended ¡Ö×ج­Ù¶ÚÀÛÜ°§¨©ÝÞ­°ÛÜߧ ¡¦§ËÌ IND-CPAPAIR ElGamal-extended Ô°°ÃÄÅ ¬§DZàáâ ãäåæçèé°¡êÛÜ°ëìíîï§åÉ i ïíîÛܰ먩ǰ § ðñòóô ¨©õ­ö÷°§Àäå ­øù×Øú§ûüÀÆý°þÿì° ÛÜµÌ °Ûܱ¡ Bellare-Pointcheval-Rogaway ¯À°úÐÑÒ·§¨© ° Diffie-Hellman õ­°Ý§¡¦§ ò°¥§§±¥§Diffie- Hellman ¯§¥§§È秧 È秧ô§§ç±Ûܧ §ÐÑÒ ii Provably Secure Public Key Cryptosystems and Password Authenticated Key Exchange Protocols Student: Ting-Yi Chang Advisor: Dr. Wei-Pang Yang Dr. Min-Shiang Hwang Institute of Computer Science and Engineering National Chiao Tung University ABSTRACT In this thesis, we focus on two topics: public key cryptosystems and pass- word authenticated key exchange protocols.
    [Show full text]
  • Multi-Server Authentication Key Exchange Approach in Bigdata Environment
    International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 07 | July -2017 www.irjet.net p-ISSN: 2395-0072 MULTI-SERVER AUTHENTICATION KEY EXCHANGE APPROACH IN BIGDATA ENVIRONMENT Miss. Kiran More1, Prof. Jyoti Raghatwan2 1Kiran More, PG Student. Dept. of Computer Engg. RMD Sinhgad school of Engineering Warje, Pune 2Prof. Jyoti Raghatwan, Dept. of Computer Engg. RMD Sinhgad school of Engineering Warje, Pune ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - The key establishment difficulty is the maximum Over-all Equivalent Files System. Which are usually required central issue and we learn the trouble of key organization for for advanced scientific or data exhaustive applications such secure many to many communications for past several years. as digital animation studios, computational fluid dynamics, The trouble is stimulated by the broadcast of huge level and semiconductor manufacturing. detached file organizations behind similar admission to In these milieus, hundreds or thousands of file various storage space tactics. Our chore focal ideas on the structure clients bit data and engender very much high current Internet commonplace for such folder systems that is summative I/O load on the file coordination supporting Parallel Network Folder System [pNFS], which generates petabytes or terabytes scale storage capacities. Liberated of employment of Kerberos to establish up similar session keys the enlargement of the knot and high-performance flanked by customers and storing strategy. Our evaluation of computing, the arrival of clouds and the MapReduce the available Kerberos bottommost procedure validates that it program writing model has resulted in file system such as has a numeral of borders: (a) a metadata attendant make the Hadoop Distributed File System (HDFS).
    [Show full text]
  • Speke Cycle Route
    www.LetsTravelWise.org 1253 330 0151 Telephone: need. might you else 090305/IS/TM/08O9/P anything and times, the through you talk will bike. by easily more Speke around get and person local a – 33 22 200 0871 travel to way wiser a is cycling how shows leaflet This future. our and us on Traveline call want, for move wise a is out them trying Merseyside, in options of lots have We Updated you train or bus which out find To Getting around Speke on your bike your on Speke around Getting September journey. each making of way Manchester. best the about think to need all we cities big other in seen pollution and and Widnes Warrington, in stations 2011. congestion the avoid to want we If slower. getting is travel car meaning Cycle Speke Cycle for outwards and Centre City the in MA. rapidly, rising is Merseyside in car by made being trips of number the Central Liverpool and Street Lime but journeys, their of many or all for TravelWise already are people Most Liverpool towards stations rail Cross Hunts and Parkway South Liverpool from both operate trains Line City and Northern Frequent Centre. City car. a without journeys make the to Parkway South Liverpool from minutes 15 to 10 about takes only It to everyone for easier it make to aim we Merseytravel, and Authorities Local Merseyside the by Funded sharing. car and transport public cycling, trains. Merseyside walking, more – travel sustainable more encourage to aims TravelWise all on free go Bikes problem. a be can parking where Centre City Liverpool into travelling when or workplace, your or school to get to easier it makes www.transpenninetrail.org.uk Web: This way.
    [Show full text]
  • Authentication and Key Distribution in Computer Networks and Distributed Systems
    13 Authentication and key distribution in computer networks and distributed systems Rolf Oppliger University of Berne Institute for Computer Science and Applied Mathematics {JAM) Neubruckstrasse 10, CH-3012 Bern Phone +41 31 631 89 51, Fax +41 31 631 39 65, [email protected] Abstract Authentication and key distribution systems are used in computer networks and dis­ tributed systems to provide security services at the application layer. There are several authentication and key distribution systems currently available, and this paper focuses on Kerberos (OSF DCE), NetSP, SPX, TESS and SESAME. The systems are outlined and reviewed with special regard to the security services they offer, the cryptographic techniques they use, their conformance to international standards, and their availability and exportability. Keywords Authentication, key distribution, Kerberos, NetSP, SPX, TESS, SESAME 1 INTRODUCTION Authentication and key distribution systems are used in computer networks and dis­ tributed systems to provide security services at the application layer. There are several authentication and key distribution systems currently available, and this paper focuses on Kerberos (OSF DCE), NetSP, SPX, TESS and SESAME. The systems are outlined and reviewed with special regard to the security services they offer, the cryptographic techniques they use, their conformance to international standards, and their availability and exportability. It is assumed that the reader of this paper is familiar with the funda­ mentals of cryptography, and the use of cryptographic techniques in computer networks and distributed systems (Oppliger, 1992 and Schneier, 1994). The following notation is used in this paper: • Capital letters are used to refer to principals (users, clients and servers).
    [Show full text]
  • Strong Password-Based Authentication in TLS Using the Three-Party Group Diffie–Hellman Protocol
    284 Int. J. Security and Networks, Vol. 2, Nos. 3/4, 2007 Strong password-based authentication in TLS using the three-party group Diffie–Hellman protocol Michel Abdalla* École normale supérieure – CNRS, LIENS, Paris, France E-mail: [email protected] *Corresponding author Emmanuel Bresson Department of Cryptology, CELAR Technology Center, Bruz, France E-mail: [email protected] Olivier Chevassut Lawrence Berkeley National Laboratory, Berkeley, CA, USA E-mail: [email protected] Bodo Möller Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Bochum, Germany E-mail: [email protected] David Pointcheval École normale supérieure – CNRS, LIENS, Paris, France E-mail: [email protected] Abstract: The internet has evolved into a very hostile ecosystem where ‘phishing’ attacks are common practice. This paper shows that the three-party group Diffie-Hellman key exchange can help protect against these attacks. We have developed password-based ciphersuites for the Transport Layer Security (TLS) protocol that are not only provably secure but also believed to be free from patent and licensing restrictions based on an analysis of relevant patents in the area. Keywords: password authentication; group Diffie–Hellman key exchange; transport layer security; TLS. Reference to this paper should be made as follows: Abdalla, M., Bresson, E., Chevassut, O., Möller, B. and Pointcheval, D. (2007) ‘Strong password-based authentication in TLS using the three-party group Diffie-Hellman protocol’, Int. J. Security and Networks, Vol. 2, Nos. 3/4, pp.284–296. Biographical notes: Michel Abdalla is currently a Researcher with the Centre National de la Recherche Scientifique (CNRS), France and a Member of the Cryptography Team at the Ecole Normale Supérieure (ENS), France.
    [Show full text]
  • DRAFT Special Publication 800-56A, Recommendation for Pair-Wise Key
    The attached DRAFT document (provided here for historical purposes) has been superseded by the following publication: Publication Number: NIST Special Publication (SP) 800-56A Revision 2 Title: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography Publication Date: 05/13/2013 • Final Publication: https://doi.org/10.6028/NIST.SP.800-56Ar2 (which links to http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf). • Information on other NIST Computer Security Division publications and programs can be found at: http://csrc.nist.gov/ The following information was posted with the attached DRAFT document: Aug 20, 2012 SP 800-56 A Rev.1 DRAFT Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography (Draft Revision) NIST announces the release of draft revision of Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. SP 800-56A specifies key-establishment schemes based on the discrete logarithm problem over finite fields and elliptic curves, including several variations of Diffie-Hellman and MQV key establishment schemes. The revision is made on the March 2007 version. The main changes are listed in Appendix D. Please submit comments to 56A2012rev-comments @ nist.gov with "Comments on SP 800-56A (Revision)" in the subject line. The comment period closes on October 31, 2012. NIST Special Publication 800-56A Recommendation for Pair-Wise August 2012 Key-Establishment Schemes Using Discrete Logarithm Cryptography (Draft Revision) Elaine Barker, Lily Chen, Miles Smid and Allen Roginsky C O M P U T E R S E C U R I T Y Abstract This Recommendation specifies key-establishment schemes based on the discrete logarithm problem over finite fields and elliptic curves, including several variations of Diffie-Hellman and MQV key establishment schemes.
    [Show full text]
  • Fast and Secure Generating and Exchanging a Symmetric Key for TVWS Protocol
    International Journal of Computer Science and Telecommunications [Volume 9, Issue 3, May 2018] 15 Fast and Secure Generating and Exchanging a Symmetric Key for TVWS Protocol ISSN 2047-3338 Mubark M. A. Elmubark Department of MIS Blue Nile University, Sudan [email protected] Abstract– In network security, symmetric key encryption security key. So many security protocols can be used in methods are commonly used in order to generate and exchange TVWS with pros and cons. a secret key between the sender and the receiver. The main This paper concentrated on security issues in spectrum drawbacks of this method are that, the attackers might access database access and studies these protocols and proposed new the transmitted data and use it to obtain the key and even methods for key generation and exchange. generate new keys. Also, the process of generating the key is inefficient and time consuming. In this paper a new key PKMv1: WiMAX security, as specified by IEEE 802.16 generation and exchange protocol is proposed to overcome the standard [2] is provided by a security sublayer resided in the aforementioned problems in the conventional symmetric key MAC layer. A protocol called PKM has been adopted in the encryption methods. In the proposed protocol, the results show security sublayer of WiMAX to provide authorization, that the protocol is saved. authentication and keys exchange and distribution between Index Terms– Security, Key Generation and Key Exchange Base Stations (BSs) and Subscriber Stations (SSs). The standard has approved two versions of PKM protocol. PKMv1 which is approved in IEEE 802.16-2004 standards I.
    [Show full text]
  • IEEE P1363.2: Password-Based Cryptography
    IEEE P1363.2: Password-based Cryptography David Jablon CTO, Phoenix Technologies NIST PKI TWG - July 30, 2003 What is IEEE P1363.2? • “Standard Specification for Password-Based Public-Key Cryptographic Techniques” • Proposed standard • Companion to IEEE Std 1363-2000 • Product of P1363 Working Group • Open standards process PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 2 One of several IEEE 1363 standards • Std 1363-2000 • Sign, Encrypt, Key agreem’t, using IF, DL, & EC families • P1363a • Same goals & families as 1363-2000 • P1363.1: Lattice family • Same goals as 1363-2000, Different family • P1363.2: Password-based • Same families • More ambitious goals PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 3 Scope of P1363.2 • Modern “zero knowledge” password methods • Uses public key techniques • Uses two or more parties • Needs no other infrastructure • Authenticated key establishment • Resists attack on low-grade secrets • passwords, password-derived keys, PINs, ... PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 4 Rationale (1) • Why low-grade secrets? • People have trouble with high-grade keys • storage -- memorizing • input -- attention to detail • output -- typing • Passwords are ubiquitous • Easy for people to memorize, recognize, and type. • Reduce security/convenience tradeoffs. PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 5 Rationale (2) • Why use public-key techniques? • Symmetric methods can’t do it. • Why new methods? • Different than symmetric, hash, or other PK crypto. • AES, SHA-1, DH, and RSA can’t do it alone. PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 6 Chosen Password Quality Summarized from Distribution Morris & Thompson ‘79, Klein ‘90, Spafford ‘92 0 30 or so 60 or so Password Entropy (bits) History of protocols that fail to dictionary attack (or worse) • Clear text password π • Password as a key Eπ (verifiable text) • (e.g.
    [Show full text]